A buffer overflow in Mirai could eliminate its ability to carry out HTTP flood attacks. But exploits may require hacking back, which is illegal under the CFAA.
Articles for October 2016
How did one contractor steal 50TB of NSA data? Easily, say former spies
The massive theft of secret NSA data, thought to be the largest breach of classified data in US history, happened over two decades.
Source: How did one contractor steal 50TB of NSA data? Easily, say former spies
We Built a Fake Web Toaster, and It Was Hacked in an Hour
Last week, a massive chain of hacked computers simultaneously dropped what they were doing and blasted terabytes of junk data to a set of key servers, temporarily shutting down access to popular sites in the eastern U.S. and beyond. There are around a couple billion public IPv4 addresses out there; any one of those might have a server, a desktop computer, or a toaster plugged in at the other end. Renting a small server from Amazon, I gussied it up to look like an unsecured web device, opening a web port that hackers commonly use to remotely control computers. Instead of allowing real access, though, I set up a false front: Hackers would think they were logging into a server, but I’d really just record their keystrokes and IP addresses.
Source: We Built a Fake Web Toaster, and It Was Hacked in an Hour
History repeating: How the Internet of Things is failing to learn the security lessons of the past | ZDNet
The massive cyberattacks which took down some of the most popular websites on the internet show that device manufacturers are not learning from the mistakes of the past.
American hacker Jester warns Russia to stop interfering with U.S. election
Jester, a hacker who takes down jihadist sites and warns U.S. authorities of terrorist threats, attacked the Russian Foreign Ministry site this weekend. Jester called out the Russians for hacking into U.S. sites to interfere with the U.S. election.
Source: American hacker Jester warns Russia to stop interfering with U.S. election
Mirai-Fueled IoT Botnet Behind DDoS Attacks on DNS Providers | Threatpost | The first stop for security news
Ten percent of the 550,000 IoT nodes in the Mirai botnet are involved in ongoing DDoS attacks against DNS provider Dyn and others.
Revslider, MailPoet, GravityForms Exploits Bypass Cloudflare WAF – Wordfence
Last week we blogged about the advantages of endpoint security over a cloud firewall solution. We wrote about how cloud WAFs can be bypassed. We also blogged about how it is more challenging for a cloud WAF provider to write complex firewall rules because cloud WAFs don’t know if a user is signed in or what their […]
Source: Revslider, MailPoet, GravityForms Exploits Bypass Cloudflare WAF – Wordfence
MBRFilter — Open Source Tool to Protect Against ‘Master Boot Record’ Malware
Ransomware threat has risen exponentially so much that ransomware authors have started abusing the MBR in their attacks to lock down your entire computer instead of just encrypting your important files on hard drive.Talos team at Cisco Systems has released a free, open-source tool that protects the master boot record (MBR) sector of computers from modification by bootkits, ransomware, and other malicious attacks.
Master Boot Record (MBR) is the first sector (512 bytes) on your Hard drive that stores the bootloader, a piece of code that is responsible for booting the current Operating System.
Source: MBRFilter — Open Source Tool to Protect Against ‘Master Boot Record’ Malware
India experiences catastrophic cyberattack, 3.2 million debit card account details stolen | ZDNet
In one of the country’s worst data breaches to date, 3.2 million debit cards have reportedly become compromised.
Source: India experiences catastrophic cyberattack, 3.2 million debit card account details stolen | ZDNet
This ransomware is now one of the three most common malware threats | ZDNet
The total number of ransomware attacks rose by 13 percent in September alone, say Check Point cybersecurity researchers.
Source: This ransomware is now one of the three most common malware threats | ZDNet